3Com 5500 Switch User Manual


 
Configuring HWTACACS Authentication for Telnet Users

Network Diagram
Figure 46 Network diagram for configuring HWTACACS authentication for Telnet users

Networking and Configuration Requirements
As shown in Figure 46, you are required to configure the switch so that Telnet
users logging into the switch are authenticated and authorized by the TACACS
servers.
A TACACS server with the IP address 10.110.91.164 is connected to the switch. It
will be used as the authentication, authorization and accounting server.
On the switch, set the shared keys for exchanging authentication, authorization
and accounting messages with the TACACS server to expert. Configure the
switch to strip domain names off usernames before sending usernames to the
TACACS server.
On the TACACS server, configure the shared keys to expert for exchanging
messages with the switch, and add Telnet usernames and login passwords.
[Figure 46 labels: Telnet user, Internet, Authentication server 10.110.91.164/16]

Applicable Products
Product series   Software version    Hardware version
Switch 5500      Release V03.02.04   All versions
Switch 5500G     Release V03.02.04   All versions
Switch 4500      Release V03.03.00   All versions
Switch 4210      Release V03.01.00   All versions

Configuration Procedure
# Configure a HWTACACS scheme.
<3Com> system-view
[3Com] hwtacacs scheme hwtac
[3Com-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[3Com-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[3Com-hwtacacs-hwtac] key authentication expert
[3Com-hwtacacs-hwtac] key authorization expert
[3Com-hwtacacs-hwtac] user-name-format without-domain
[3Com-hwtacacs-hwtac] quit
# Configure domain hwtacacs to use HWTACACS scheme hwtac.
[3Com] domain hwtacacs
[3Com-isp-hwtacacs] scheme hwtacacs-scheme hwtac
[3Com-isp-hwtacacs] accounting optional
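
The configuration procedure checked against the stated requirements, as an added example that is not part of the 3Com manual: a Python audit that parses the scheme and domain commands and reports roles with no server or key, weak-looking shared keys, and the accounting optional setting. The names parse, audit and MIN_KEY_LEN, the key-length threshold and the finding wording are assumptions of this example, not 3Com limits.

```python
import re

# Constructed input: the scheme and domain commands from the procedure.
SAMPLE = """\
hwtacacs scheme hwtac
 primary authentication 10.110.91.164 49
 primary authorization 10.110.91.164 49
 key authentication expert
 key authorization expert
 user-name-format without-domain
domain hwtacacs
 scheme hwtacacs-scheme hwtac
 accounting optional
"""
ROLES = ("authentication", "authorization", "accounting")
MIN_KEY_LEN = 16  # assumption: local policy threshold, not a 3Com limit


def parse(text):
    """Collect per-role servers and keys, plus the domain accounting flag."""
    cfg = {"servers": {}, "keys": {}, "accounting_optional": False}
    for line in text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())  # drop CLI prompt
        if m := re.match(r"primary (\w+) (\S+)(?: (\d+))?$", line):
            cfg["servers"][m[1]] = (m[2], int(m[3] or 49))  # 49 = TACACS port
        elif m := re.match(r"key (\w+) (\S+)$", line):
            cfg["keys"][m[1]] = m[2]
        elif line == "accounting optional":
            cfg["accounting_optional"] = True
    return cfg


def audit(cfg):
    """Return a sorted list of findings for the parsed configuration."""
    findings = set()
    for role in ROLES:
        if role not in cfg["servers"]:
            findings.add(f"{role}: no primary server configured")
        elif role not in cfg["keys"]:
            findings.add(f"{role}: server set but no shared key")
    for role, key in cfg["keys"].items():
        if len(key) < MIN_KEY_LEN or key.isalpha():
            findings.add(f"{role}: shared key is short or letters-only")
    if cfg["accounting_optional"]:
        findings.add("accounting optional: users stay online if accounting is unavailable")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```

On the sample it reports the missing accounting server, both keys set to expert, and the accounting optional setting.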